Secure Remote Password (SRP)

Tomas Mraz tomas at openssl.org
Tue Oct 18 06:26:14 UTC 2022


The SRP support will not be removed in 3.x releases. At the earliest it
could be removed in 4.0 release. Whether there will be a replacement
for the deprecated SRP APIs at that time we cannot currently say.

So unless you absolutely require not using deprecated APIs you can
still move to 3.x releases as the existing SRP API continues to be
supported there.

Tomas Mraz, OpenSSL

On Mon, 2022-10-17 at 21:13 -0700, Norm Green wrote:
>  I'm also interested in the answer to these questions regarding SRP
> in OpenSSL v3.
>  
>  Our project still uses OpenSSL v1.1.1 with plans to move to v3 next
> year. 
>  
>  However we use SRP extensively and will not be able to move to v3 if
> SRP support is soon to be no longer available.
>  
>  Norm Green
>  GemTalk Systems LLC
>  
> On 10/17/2022 2:49 PM, Rohit Khera [C] wrote:
>  
> > I am trying to get information on versions and usage of the Secure
> > Remote Password Protocol (SRP) APIs in OpenSSLv3. 
> >  
> >    1. Are SRPv3, v6, and/or v6a supported? 
> >  
> >    1. I found the following information in the OpenSSL documents on
> > the following C API for SRP: SRP_create_verifier(),
> > SRP_user_pwd_new(), SSL_CTX_set_srp_password()
> > While the following documents the API :
> > https://www.openssl.org/docs/man3.0/man3/SRP_VBASE_new.html
> > Are there any examples of client and server programs that use these
> > interfaces in order to register and authenticate a user? 
> >  
> >    1. The docs state that the APIs are deprecated -  are new
> > versions of the APIs planned or can we expect SRP functionality to
> > be unavailable in future versions of OpenSSL? 
> >  
> > /R
> >  
> >  
>  

-- 
Tomáš Mráz, OpenSSL



More information about the openssl-users mailing list